The Bluetooth protocol has come a long way since it was first invented in the late 1980s, with mass adoption taking place in the 2000s. While the current standard for Bluetooth (version 5) introduces many security improvements, many device vendors still support legacy Bluetooth standards like Bluetooth 2.0, which fail to utilize a security feature called Secure Simple Pairing (SSP). Couple this with the fact that Bluetooth works by broadcasting that a device has the service enabled, plus the fact that the encryption algorithm used in legacy versions of Bluetooth had its own flaws, and you’ve essentially made yourself a target.
So what has been done to improve Bluetooth in recent years? Starting with Bluetooth 4.2, a new feature known as Secure Connections was included, which allows secure connections to Low-Energy (LE) and non-LE devices (version 4.1 only allowed secure connections to be established with non-LE Bluetooth devices). This traffic is also encrypted using the Advanced Encryption Standard (AES) with Cipher Block Chaining Message Authentication Code (CCM), which provides encryption (masking of data) and authentication (verifying one’s identity). Even with the inclusion of additional security features, Bluetooth devices still pose a security risk since multiple versions of the Bluetooth protocol are still in use.
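As an added example (not code from the original article), the following Python shows what AES-CCM buys over a plain cipher: the receiver rebuilds the same nonce, decrypts, and rejects any frame whose header, ciphertext or packet counter was altered. It uses the `cryptography` package, which is assumed to be installed; the key, IV and nonce layout (modelled on the LE link layer's packet counter, direction bit and IV) are constructed sample values, not material from any real pairing.

```python
"""AES-CCM authenticated encryption, the AEAD mode Bluetooth Secure Connections
relies on. Added example; uses the `cryptography` package and constructed values."""
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

MIC_LEN = 4          # 4-byte MIC, the tag size the LE link layer uses
COUNTER_MAX = 2**39  # 39-bit packet counter; a CCM nonce must never repeat under one key

# Constructed sample link key and IV (placeholders, not from any real device).
SAMPLE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
SAMPLE_IV = bytes.fromhex("0102030405060708")  # 8 bytes


def make_nonce(counter: int, direction: int, iv: bytes) -> bytes:
    """13-byte CCM nonce: 39-bit packet counter, 1 direction bit, 64-bit IV (simplified layout)."""
    if not 0 <= counter < COUNTER_MAX or direction not in (0, 1) or len(iv) != 8:
        raise ValueError("nonce fields out of range")
    packed = counter | (direction << 39)          # 40 bits -> 5 bytes, little-endian
    return packed.to_bytes(5, "little") + iv


def protect(key: bytes, counter: int, direction: int, header: bytes, payload: bytes) -> bytes:
    """Encrypt the payload and authenticate header+payload; returns ciphertext || MIC."""
    nonce = make_nonce(counter, direction, SAMPLE_IV)
    return AESCCM(key, tag_length=MIC_LEN).encrypt(nonce, payload, header)


def unprotect(key: bytes, counter: int, direction: int, header: bytes, frame: bytes):
    """Return the plaintext, or None when the MIC check fails (frame was altered)."""
    nonce = make_nonce(counter, direction, SAMPLE_IV)
    try:
        return AESCCM(key, tag_length=MIC_LEN).decrypt(nonce, frame, header)
    except InvalidTag:
        return None


def tamper_checks() -> dict:
    """Which alterations the receiver rejects: every one of them."""
    header, payload = b"\x02", b"hello headset"          # header is authenticated, not encrypted
    frame = protect(SAMPLE_KEY, 7, 0, header, payload)
    flipped = bytes([frame[0] ^ 0x01]) + frame[1:]       # one ciphertext bit changed in transit
    return {
        "intact": unprotect(SAMPLE_KEY, 7, 0, header, frame) == payload,
        "ciphertext_bit_flipped": unprotect(SAMPLE_KEY, 7, 0, header, flipped) is None,
        "header_changed": unprotect(SAMPLE_KEY, 7, 0, b"\x03", frame) is None,
        "replayed_under_other_counter": unprotect(SAMPLE_KEY, 8, 0, header, frame) is None,
    }
```

Note the counter guard in `make_nonce`: the MIC only holds if the nonce never repeats under the same key, so a real link layer must refresh keys before the packet counter wraps.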
Below is a list of attacks that are commonly used against Bluetooth devices:
- Eavesdropping — An attacker can sniff the air for Bluetooth data in transmission and, by exploiting the right vulnerabilities, read and/or listen to that data. So if you’re conversing on the phone with a Bluetooth headset, for example, someone could potentially listen in.
- Bluesnarfing — An attacker can, once devices are paired, access and steal information off of your Bluetooth device. The connection is usually made without your knowledge, possibly resulting in stolen contact info, photos, videos, calendar events, and more.
- Bluebugging — An attacker can also remotely control various aspects of your device. Outgoing calls and texts can be sent, incoming calls and texts forwarded, settings changed, and screens and key presses can be watched, etc.
- Denial of service — An attacker can flood your device with nonsense data, blocking communications, draining battery life, or even crashing your device altogether.
While Bluetooth still has its flaws, the following steps can be taken to lower the risk of being a victim of an attack:
- Avoid connecting to devices that use older versions of Bluetooth such as Bluetooth 2.0
- Only connect to trusted devices
- Turn off your Bluetooth discoverability
- Change default Bluetooth PINs
- Turn off Bluetooth when it’s not in use
Sources:
- Bluetooth Attacks and How to Secure Your
- Why Bluetooth Is a Security Risk and What You Can Do About It